|
Google Attack Highlights 'Zero-Day' Black Market |
|
|
|
Source: ABC / Associated Press - Posted by Alex
|
The recent hacking attack that prompted Google's threat to leave China is underscoring the heightened dangers of previously undisclosed computer security flaws — and renewing debate over buying and selling information about them in the black market.
Because no fix was available, the linchpin in the attack was one of the worst kinds of security holes. Criminals treasure these types of "zero day" security vulnerabilities because they are the closest to a sure thing and virtually guarantee the success of a shrewdly crafted attack.
The attackers waltzed into victims' computers, like burglars with a key to the back door, by exploiting such a zero-day vulnerability in Microsoft Corp.'s Internet Explorer browser. Microsoft rushed out a fix after learning of the attack.
How did the perpetrators learn about the flaw? Likely, they merely had to tap a thriving underground market, where a hole "wide enough to drive a truck through" can command hundreds of thousands of dollars, said Ken Silva, chief technology officer of VeriSign Inc. Such flaws can take months of full-time hacking to find.
Read this full article at ABC / Associated Press
Only registered users can write comments.
Please login or register. Powered by AkoComment! |
